Page MenuHomeSoftware Heritage
Differential D8451 Diff 30477 swh/auth/django/middlewares.py

Changeset View

Standalone View

View Options

swh/auth/django/middlewares.py

Show All 17 Linesclass OIDCSessionExpiredMiddleware:
the OpenID Connect authentication backend got his session expired. the OpenID Connect authentication backend got his session expired.
In that case it will perform a redirection to a django view whose In that case it will perform a redirection to a django view whose
name must be set in the ``SWH_AUTH_SESSION_EXPIRED_REDIRECT_VIEW`` name must be set in the ``SWH_AUTH_SESSION_EXPIRED_REDIRECT_VIEW``
django setting (typically a logout view). django setting (typically a logout view).
The following query parameter will be set for that view: The following query parameter will be set for that view:
* ``next_path``: requested URL before the detection of the session expiration * ``next``: requested URL before the detection of the session expiration
* ``remote_user``: indicates that the user was previously authenticated with OIDC * ``remote_user``: indicates that the user was previously authenticated with OIDC
""" """
def __init__(self, get_response=None): def __init__(self, get_response=None):
self.get_response = get_response self.get_response = get_response
self.redirect_view = getattr( self.redirect_view = getattr(
settings, "SWH_AUTH_SESSION_EXPIRED_REDIRECT_VIEW", None settings, "SWH_AUTH_SESSION_EXPIRED_REDIRECT_VIEW", None
Show All 21 Lines def __call__(self, request):
or "OIDC" not in request.session[BACKEND_SESSION_KEY] or "OIDC" not in request.session[BACKEND_SESSION_KEY]
or request.path in self.exempted_urls or request.path in self.exempted_urls
): ):
return self.get_response(request) return self.get_response(request)
# At that point, we know that a OIDC user was previously logged in # At that point, we know that a OIDC user was previously logged in
# and his session has expired. # and his session has expired.
# Redirect to a view specified in django settings. # Redirect to a view specified in django settings.
next_path = request.get_full_path() next = request.get_full_path()
logout_url = reverse( logout_url = reverse(
self.redirect_view, query_params={"next_path": next_path, "remote_user": 1} self.redirect_view, query_params={"next": next, "remote_user": 1}
) )
return HttpResponseRedirect(logout_url) return HttpResponseRedirect(logout_url)
About · Developer information · Legal